InterviewStack.io LogoInterviewStack.io

Operating System Fundamentals Questions

Comprehensive knowledge of operating system concepts and practical administration across Linux, Unix, and Windows platforms. Core theoretical topics include processes and threads, process creation and termination, scheduling and context switching, synchronization and deadlock conditions, system calls, kernel versus user space, interrupt handling, memory management including virtual memory, paging and swapping, and input and output semantics including file descriptors. Practical administration and tooling expectations include file systems and permission models, user and group account management, common system utilities and commands such as grep, find, ps, and top, package management, service and process management, startup and boot processes, environment variables, shell and scripting basics, system monitoring, and performance tuning. Platform specific knowledge should cover Unix and Linux topics such as signals and signal handling, kernel modules, initialization and service management systems, and command line administration, as well as Windows topics such as the registry, service management, event logs, user account control, and graphical and command line administration tools. Security and infrastructure topics include basic system hardening, common misconfigurations, and an understanding of containerization and virtualization at the operating system level. Interview questions may probe conceptual explanations, platform comparisons, troubleshooting scenarios, or hands on problem solving.

HardSystem Design
73 practiced
Design a scalable forensic acquisition and analysis architecture for a large cloud environment containing thousands of Linux and Windows VMs plus containerized workloads. Address automated evidence collection, preservation of volatile data, use of snapshots and object storage, jurisdictional/legal constraints, integrity verification, indexing for search, and triage prioritization.
HardTechnical
81 practiced
A Kubernetes cluster experienced data exfiltration through ephemeral pods. As a forensic examiner, outline a plan to collect and preserve evidence across worker nodes and control plane: how to acquire etcd snapshots safely, collect API server and kubelet audit logs, capture container image layers and persistent volumes, and correlate CNI network artifacts to build an activity timeline.
EasyTechnical
74 practiced
For a workstation forensic intake on Windows, enumerate the primary artifact locations you would collect during initial triage (for example: registry hives, Event Logs, $MFT, Prefetch, user profiles, browser data). For each artifact explain briefly what types of evidence it commonly contains and why it matters to investigations.
MediumTechnical
76 practiced
You suspect persistence via cron on a Linux server. Describe a structured approach to locate and analyze possible cron-based persistence across the system: which files and directories to inspect, commands to run, artifacts to collect for preservation, and anti-forensic cron techniques you should be aware of.
MediumTechnical
70 practiced
You have artifacts from a compromised Windows server and a Linux jump host. Describe a methodical approach to create a cross-platform timeline of attacker activity: what artifacts you would normalize, tools you would use to build the timeline, how to handle conflicting timestamps, and how to validate the timeline for legal defensibility.

Unlock Full Question Bank

Get access to hundreds of Operating System Fundamentals interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.